From 448a310b1a3d8517ba0ec67e1b3f6706f3dea3acba6581d0855946696dd8a27a Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 26 Oct 2020 13:09:54 +0000 Subject: [PATCH] Accepting request 844086 from home:kukuk:container - Check for errors when importing ldif files - Add support to import ldif files for mailserver setup - Add timezone package - Load postfix.ldif by default, delete duplicate file - Pre-process mailserver/*.ldif files OBS-URL: https://build.opensuse.org/request/show/844086 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:containers/opensuse-openldap-image?expand=0&rev=3 --- README.md | 61 +++++++++++++++++---------------- config.sh | 3 -- entrypoint.tar.gz | 4 +-- opensuse-openldap-image.changes | 17 +++++++++ opensuse-openldap-image.kiwi | 1 + 5 files changed, 51 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 6594440..1b9c258 100644 --- a/README.md +++ b/README.md 
@@ -103,41 +103,42 @@ Add --env LDAP_TLS=0 to the run command: `podman run -e LDAP_TLS=0 ...` ## Supported environment variables: ### Generic variables: -- `DEBUG=[0|1]` Enables "set -x" in the entrypoint script -- `TZ` Timezone to use in the container +- `DEBUG=[0|1]` Enables "set -x" in the entrypoint script +- `TZ` Timezone to use in the container ### Variables for new database: -- `LDAP_DOMAIN` Ldap domain. Defaults to `example.org` -- `LDAP_BASE_DN` Ldap base DN. If empty automatically set from `LDAP_DOMAIN` value. Defaults to (`empty`) -- `LDAP_ORGANISATION` Organisation name. Defaults to `Example Inc.` -- `LDAP_ADMIN_PASSWORD` Ldap admin password. It's required to supply one if no database exists at startup. -- `LDAP_CONFIG_PASSWORD` Ldap config password. It's required to supply one if no database exists at startup. -- `LDAP_BACKEND` Database backend, defaults to `mdb` -- `LDAP_SEED_LDIF_PATH` Path with additional ldif files which will be loaded -- `LDAP_SEED_SCHEMA_PATH` Path with additional schema which will be loaded +- `LDAP_DOMAIN` Ldap domain. Defaults to `example.org` +- `LDAP_BASE_DN` Ldap base DN. If empty automatically set from `LDAP_DOMAIN` value. Defaults to (`empty`) +- `LDAP_ORGANIZATION` Organization name. Defaults to `Example Inc.` +- `LDAP_ADMIN_PASSWORD` Ldap admin password. It's required to supply one if no database exists at startup. +- `LDAP_CONFIG_PASSWORD` Ldap config password. It's required to supply one if no database exists at startup. +- `LDAP_BACKEND` Database backend, defaults to `mdb` +- `LDAP_SEED_LDIF_PATH` Path with additional ldif files which will be loaded +- `LDAP_SEED_SCHEMA_PATH` Path with additional schema which will be loaded ### Variables for TLS: -- `LDAP_TLS=[1|0]` Enable TLS. Defaults to `1` (true). -- `LDAP_TLS_CA_CRT` LDAP ssl CA certificate. Defaults to `/etc/openldap/certs/ca.crt`. -- `LDAP_TLS_CA_KEY` Private LDAP CA key. Defaults to `/etc/openldap/certs/ca.key`. -- `LDAP_TLS_CRT` LDAP ssl certificate. 
Defaults to `/etc/openldap/certs/tls.crt`. -- `LDAP_TLS_KEY` Private LDAP ssl key. Defaults to `/etc/openldap/certs/tls.key`. -- `LDAP_TLS_DH_PARAM` LDAP ssl certificate dh param file. -- `LDAP_TLS_ENFORCE=[0|1]` Enforce TLS but except ldapi connections. Defaults to `0` (false). -- `LDAP_TLS_CIPHER_SUITE` TLS cipher suite. -- `LDAP_TLS_VERIFY_CLIENT` TLS verify client. Defaults to `demand`. +- `LDAP_TLS=[1|0]` Enable TLS. Defaults to `1` (true). +- `LDAP_TLS_CA_CRT` LDAP ssl CA certificate. Defaults to `/etc/openldap/certs/openldap-ca.crt`. +- `LDAP_TLS_CA_KEY` Private LDAP CA key. Defaults to `/etc/openldap/certs/openldap-ca.key`. +- `LDAP_TLS_CRT` LDAP ssl certificate. Defaults to `/etc/openldap/certs/tls.crt`. +- `LDAP_TLS_KEY` Private LDAP ssl key. Defaults to `/etc/openldap/certs/tls.key`. +- `LDAP_TLS_DH_PARAM` LDAP ssl certificate dh param file. +- `LDAP_TLS_ENFORCE=[0|1]` Enforce TLS but except ldapi connections. Defaults to `0` (false). +- `LDAP_TLS_CIPHER_SUITE` TLS cipher suite. +- `LDAP_TLS_VERIFY_CLIENT` TLS verify client. Defaults to `demand`. ### Various configuration variables: -- `LDAP_NOFILE` Number of open files (ulimt -n), default `1024` -- `LDAP_PORT` Port for ldap:///, defaults to `389` -- `LDAPS_PORT` Port for ldaps:///, defaults to `636` -- `LDAPI_URL` Ldapi url, defaults to `ldapi:///run/slapd/ldapi` -- `LDAP_UID` UID of ldap user. All LDAP related files will be changed to this UID -- `LDAP_GID` GID of ldap group. All LDAP related files will be changed to this GID -- `LDAP_BACKEND` Database backend, defaults to `mdb` -- `SLAPD_LOG_LEVEL` Slapd debug devel, defaults to `0` +- `LDAP_NOFILE` Number of open files (ulimt -n), default `1024` +- `LDAP_PORT` Port for ldap:///, defaults to `389` +- `LDAPS_PORT` Port for ldaps:///, defaults to `636` +- `LDAPI_URL` Ldapi url, defaults to `ldapi:///run/slapd/ldapi` +- `LDAP_UID` UID of ldap user. All LDAP related files will be changed to this UID +- `LDAP_GID` GID of ldap group. 
All LDAP related files will be changed to this GID +- `LDAP_BACKEND` Database backend, defaults to `mdb` +- `SLAPD_LOG_LEVEL` Slapd debug devel, defaults to `0` +- `SETUP_FOR_MAILSERVER` The mail organization will be created (ldif/mailserver/), defaults to `0` ## Data persistence volumes -- `/etc/openldap/certs` TLS certificates for slapd -- `/etc/openldap/slapd.d` Slapd configuration files -- `/var/lib/ldap` OpenLDAP database +- `/etc/openldap/certs` TLS certificates for slapd +- `/etc/openldap/slapd.d` Slapd configuration files +- `/var/lib/ldap` OpenLDAP database diff --git a/config.sh b/config.sh index a525a27..87be8ef 100644 --- a/config.sh +++ b/config.sh @@ -16,6 +16,3 @@ mv /etc/sysconfig/openldap /etc/sysconfig/openldap.example # No default domain and standard password ... rm /etc/openldap/slapd.conf -# Fix path so that update-ca-certificates does not complain -# [bsc#1175340] -rm /etc/ssl/certs && ln -sf /var/lib/ca-certificates/pem /etc/ssl/certs diff --git a/entrypoint.tar.gz b/entrypoint.tar.gz index 26b8edd..1d7a5cc 100644 --- a/entrypoint.tar.gz +++ b/entrypoint.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:731c4a9b3ae55f5f54396c5d0da49dcee67e84efada7bc040d3debc6102c4658 -size 8427 +oid sha256:3e574daadc1537e89403e5473ed55f49cf3d52f2b5b24fb7e8882d9f98d502b7 +size 8730 diff --git a/opensuse-openldap-image.changes b/opensuse-openldap-image.changes index 610d7a6..650a5e4 100644 --- a/opensuse-openldap-image.changes +++ b/opensuse-openldap-image.changes 
@@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Oct 26 12:42:00 UTC 2020 - Thorsten Kukuk + +- Check for errors when importing ldif files +- Add support to import ldif files for mailserver setup + +------------------------------------------------------------------- +Mon Sep 28 18:50:23 UTC 2020 - Thorsten Kukuk + +- Add timezone package + +------------------------------------------------------------------- +Thu Aug 27 08:16:26 UTC 2020 - Thorsten Kukuk + +- Load postfix.ldif by default, delete duplicate file +- Pre-process mailserver/*.ldif files + ------------------------------------------------------------------- Wed Aug 26 15:57:24 UTC 2020 - Thorsten Kukuk diff --git a/opensuse-openldap-image.kiwi b/opensuse-openldap-image.kiwi index 1e9bcf9..f5757d0 100644 --- a/opensuse-openldap-image.kiwi +++ b/opensuse-openldap-image.kiwi @@ -54,6 +54,7 @@ +
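Review bot: In the README.md hunk, the re-aligned lines carry the existing typos through unchanged: `ulimt -n` in the `LDAP_NOFILE` line should read `ulimit -n`, and `Slapd debug devel` in the `SLAPD_LOG_LEVEL` line should read `Slapd debug level`. `LDAP_BACKEND` is also still documented twice (once under "Variables for new database", once under "Various configuration variables"); drop one of them. The new `SETUP_FOR_MAILSERVER` line should state its accepted values in the same form as the other switches, i.e. `SETUP_FOR_MAILSERVER=[0|1]`, and the mostly whitespace-only re-alignment hides the real content changes (the variable rename, the new CA path defaults, the new variable); splitting the alignment change into its own commit would make those reviewable.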
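Review bot: The config.sh hunk removes the `[bsc#1175340]` workaround (`rm /etc/ssl/certs && ln -sf /var/lib/ca-certificates/pem /etc/ssl/certs`) without any mention in the commit message or the .changes entries; state which fix makes the symlink unnecessary (so that `update-ca-certificates` no longer complains), or keep the workaround until that fix is confirmed in the base image.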
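Review bot: The entrypoint.tar.gz hunk only swaps a Git LFS pointer (oid and size), so the functional changes named in the commit message, error checking when importing ldif files and the mailserver ldif import, cannot be reviewed here; keeping the entrypoint script as plain text in the repository instead of an opaque tarball would let the ldif error handling and the `mailserver/*.ldif` pre-processing be reviewed as a normal diff.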
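Review bot: The opensuse-openldap-image.changes hunk omits two user-visible README changes from the same patch: the rename of `LDAP_ORGANISATION` to `LDAP_ORGANIZATION`, which breaks existing deployments if the entrypoint no longer accepts the old spelling, and the change of the CA defaults from `/etc/openldap/certs/ca.crt` / `ca.key` to `/etc/openldap/certs/openldap-ca.crt` / `openldap-ca.key`; both belong in the Oct 26 entry, ideally with a note on whether the old names are still honoured.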
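Review bot: The opensuse-openldap-image.kiwi hunk is cut off after the `+` marker, so the single added line (the diffstat shows one insertion, presumably the timezone package from the commit message) is not visible and cannot be checked; please make sure the full hunk is included in the submitted patch.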